The Bittersweet Reality of Digital Transformation

The Bittersweet Reality of Digital Transformation - Quality of Care

Healthcare’s digital transformation journey has been paved by advances in technology, policy initiatives and incentives. Yet the road to transformation has also been littered with potholes, which slows and prevents adoption. The zeitgeist of the health IT industry is the that next solution will be revolutionary. Yet, to date, it has been less of the start of a “revolution” and more like Waiting for Godot. Unfortunately, when our proverbial Godot came, it was in the form of Covid-19.

Almost 20 years ago, Crossing the Quality Chasm outlined six essentials areas – patient safety, care effectiveness, patient-centeredness, timeliness, care efficiency, and equity – for improving the quality of care, reducing preventable errors, and driving population health management.  The overarching recommendation was that the utilization of information technology (IT) would be a game changer for clinical coordination. This seminal piece of work became a springboard for electronic health record (EHR) proliferation and mHealth adoption.

As health IT became more ubiquitous, there were unintended consequences of IT and mobile adoption. For example:

  • The annual number of electronic protected health information(ePHI) breaches increased from 18 in 2009 to more than 365 in 2018.[1]
  • From 2013 to 2018, the average cost of a data breachto healthcare organizations rose to $3.92 million.[2]
  • Globally over 41 million patient recordswere breached in 2019, with a single hacking incident affecting close to 21 million records.[3]
  • Unauthorized accessand disclosure incidents were the second largest cause of data breaches, representing nearly (29%) of incidents involving more than 11% of all records breached.[4]

There is no doubt that EHRs are the gold standard for facilitating better patient care, but the  introduction of the master patient index (MPI) – a database of sharing patient information

across all the departments of a healthcare organization – became a strategic differentiator for patient care. From the 1980s to the late 1990s, as healthcare clinicians and researchers embraced data sharing, identity management was single sign-on (SSO) until health systems started to realize they needed more than basic access management and light-weight provisioning to maintain compliance in the new world of ever-changing data privacy and security laws.

Beginning in the early 2000s, the need for interoperability lead many organizations to embrace cloud-based, open-secure, integrated mobile health solutions. As EHRs became the norm, providers were able to improve outcomes and reduce preventable medical errors by improving the accuracy and clarity of medical records.   With increased data sharing, identity management security was seen as less of a nice to have and more of a foundational requirement for a good compliance program, specifically to ensure the privacy and security of ePHI across the continuum of care.

Letting Identity Management Shine…

The amount of ePHI data being generated in healthcare has been a catalyst for significant investments in cloud storage and security solutions, but there is more to security than just access and storage.  The 3Vs — volume (the amount of data), variety (the number of types of data), and velocity (the rate at which data flows into an organization) — of healthcare data has been accelerated by the proliferation of the Internet of Medical Things (IoMT) and global initiatives to adopt digital health.

The rapid growth of BYOD devices coupled with diverse technology ecosystems have transformed healthcare into interconnected mobile communities. During Covid-19, the power of IT in driving data sharing in near real-time was essential for clinical coordination and improving patient outcomes.

Moreover, the desire for data sharing within and outside the 4 walls of the hospital, have matured beyond single sign-on. The next generation of identity management solutions need to demonstrate data privacy compliance to auditors with detailed audit-trails and reporting and capturing any access that has been granted outside of policy and provide documentation as to who requested access to what, if access was approved and when.

As we move towards a more digital integrated approach to clinical workflows, health systems looking to find innovative ways to improve patient outcomes, drive transparency, and improve population health are looking at identity management with new urgency. During the time of Covid-19, many health systems needed to provision new employees and give existing employees access to remote tools with abbreviated turnaround times. There is anecdotal evidence that health systems that had invested in identity management solutions pre-Covid-19, were able to immediately provision clinicians seamless without creating additional burdens on IT resources, which meant clinicians could do what they do best – treat patients.

About the author

Ms. Alison Haughton serves as  a Senior Manager, Healthcare at SailPoint. Ms. Haughton focuses on health IT, population health management, identity governance, cloud, and digital care transformation. Ms. Haughton was one of the principal members of AT&T’s ForHealth practice and  has served in a series of senior product marketing and leadership roles at IMS Health (now IQVIA), Harvard Medical School, Parexel, and a variety of early stage healthcare companies implementing mobile and cloud-based solutions.

References

[1] “Main Causes of Security Breaches in the Healthcare Industry,” RSI Security, October 2019, https://blog.rsisecurity.com/main-causes-of-security-breaches-in-the-healthcare-industry/.

[2] “2019 Cost of A Data Breach Study Reveals Increase in U.S. Healthcare Data Breach Costs,” HIPAA Journal, July 24, https://www.hipaajournal.com/2019-cost-of-a-data-breach-study-healthcare-data-breach-costs/2019.

[3] “Number of patient records breached nearly triples in 2019,” Heather Landi, Fierce Healthcare, February 20, 2020, https://www.fiercehealthcare.com/tech/number-patient-records-breached-2019-almost-tripled-from-2018-as-healthcare-faces-new-threats.

[4] “Report Reveals Worst State for Healthcare Data Breaches in 2019,” Sarah Coble, InfoSecurity Magazine, February 14, 2020, https://www.infosecurity-magazine.com/news/report-healthcare-data-breaches-in/.